Make WordPress Core

Changeset 7633


Ignore:
Timestamp:
04/08/2008 05:30:14 PM (16 years ago)
Author:
ryan
Message:

Use DB prepare on login queries. Props filosofo. fixes #6640 for trunk

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-login.php

    r7524 r7633  
    9191    do_action('retrieve_password', $user_login);
    9292
    93     $key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'");
     93    $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
    9494    if ( empty($key) ) {
    9595        // Generate something random for a key...
     
    9797        do_action('retrieve_password_key', $user_login, $key);
    9898        // Now insert the new md5 key into the db
    99         $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
     99        $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
    100100    }
    101101    $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
     
    119119        return new WP_Error('invalid_key', __('Invalid key'));
    120120
    121     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
     121    $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
    122122    if ( empty( $user ) )
    123123        return new WP_Error('invalid_key', __('Invalid key'));
Note: See TracChangeset for help on using the changeset viewer.